IETF Logo Mail Archive

Re: [Secdispatch] Oblivious HTTP charter draft

Michael Richardson <mcr+ietf@sandelman.ca> Thu, 18 March 2021 13:09 UTC

Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: secdispatch@ietfa.amsl.com
Delivered-To: secdispatch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A185D3A2B3E for <secdispatch@ietfa.amsl.com>; Thu, 18 Mar 2021 06:09:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DSsXVqcO-9Bz for <secdispatch@ietfa.amsl.com>; Thu, 18 Mar 2021 06:09:22 -0700 (PDT)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [IPv6:2607:f0b0:f:3:216:3eff:fe7c:d1f3]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D2D013A2B3C for <secdispatch@ietf.org>; Thu, 18 Mar 2021 06:09:21 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by tuna.sandelman.ca (Postfix) with ESMTP id 33317389A3; Thu, 18 Mar 2021 09:14:53 -0400 (EDT)
Received: from tuna.sandelman.ca ([127.0.0.1]) by localhost (localhost [127.0.0.1]) (amavisd-new, port 10024) with LMTP id ZhaSUBWcel-A; Thu, 18 Mar 2021 09:14:52 -0400 (EDT)
Received: from sandelman.ca (obiwan.sandelman.ca [IPv6:2607:f0b0:f:2::247]) by tuna.sandelman.ca (Postfix) with ESMTP id 0C21F3899E; Thu, 18 Mar 2021 09:14:52 -0400 (EDT)
Received: from localhost (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id 2A81E1B9; Thu, 18 Mar 2021 09:09:18 -0400 (EDT)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Martin Thomson <mt@lowentropy.net>
cc: secdispatch@ietf.org
In-Reply-To: <8e53426d-857e-4dd9-a9d0-b907c415abec@www.fastmail.com>
References: <8e53426d-857e-4dd9-a9d0-b907c415abec@www.fastmail.com>
X-Mailer: MH-E 8.6+git; nmh 1.7+dev; GNU Emacs 26.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha512"; protocol="application/pgp-signature"
Date: Thu, 18 Mar 2021 09:09:18 -0400
Message-ID: <7599.1616072958@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/ks2DSQXTsUWK8Vo0olhGBbGW9P0>
Subject: Re: [Secdispatch] Oblivious HTTP charter draft
X-BeenThere: secdispatch@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Dispatch <secdispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdispatch/>
List-Post: <mailto:secdispatch@ietf.org>
List-Help: <mailto:secdispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 18 Mar 2021 13:09:25 -0000

Martin Thomson <mt@lowentropy.net> wrote:
    > After discussing with a few people, it seems like the SEC area is the
    > best venue for this work.  It's security-focused work and this area has
    > the best expertise in that area.  However, as noted, this will require
    > coordination with HTTP and DPRIVE.  The former to ensure that we aren't
    > abusing their protocol (or at least not TOO badly) and the latter to
    > ensure that this is usable for their purposes.

Remember that we can have WGs in one area, but have a responsible AD from
another area.   Also, having co-chairs with different strenghts can really
help here too.

    > ---
    > # Oblivious HTTP Working Group (OHTTP) Charter

...

    > In a setting where the information included in requests does not need
    > to be correlated, the Oblivious HTTP protocol allows a server to accept
    > requests via a proxy. The proxy ensures that the server cannot see
    > source addressing information for clients, which prevents servers
    > linking requests to the same client. Encryption ensures that the proxy
    > is unable to read requests or responses.

My understanding of how the protocol works is that we are really building a
kind of hybrid HTTP/TLS proxy.  That there is some intentional blurring of
layers in order to get the desired properties.

It seems weird that TLS is not mentioned :-)

    > The working group will define a format for any encryption keys that are
    > needed. The working group will not describe how encryption keys are
    > obtained.

My understanding is that we don't need new infrastructure, because HTTPS
provides what we need.  So I think this text is unnecessary.

    > The working group will not define any methods for discovering
    > proxy or server endpoints; specific uses of the protocol will need to
    > describe discovery methods or rely on configuration.

reasonable.

I think that there may be push in the WG to provide some extension to allow
the proxy to snoop on, but not modify, the traffic.
It may be worth coding this into the charter as out of scope.

--
Michael Richardson <mcr+IETF@sandelman.ca>   . o O ( IPv6 IøT consulting )
           Sandelman Software Works Inc, Ottawa and Worldwide

v2.23.0 | Report a Bug | By Email